Analysis

  • max time kernel: 119s
  • max time network: 97s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 07-08-2024 09:32

General

  • Target: 9dfe5312a94b4669df4c03c9b9e99970N.exe
  • Size: 2.7MB
  • MD5: 9dfe5312a94b4669df4c03c9b9e99970
  • SHA1: f28465e56a254e9e85978b473b920d7e89c658ab
  • SHA256: fa657b0e187b1c82570b67b38569e4fca8981f72b8e7a6073b4c70524bdfda9d
  • SHA512: c28f218a92bae68a44a88a65bcc0e6a7c50f0d1982b25cc2eecddb555cee85a614c303458eea8652c49dad07fce032ac0bce27eff69c116839e1f79307cddd62
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBi9w4Sx:+R0pI/IQlUoMPdmpSps4

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dfe5312a94b4669df4c03c9b9e99970N.exe
    "C:\Users\Admin\AppData\Local\Temp\9dfe5312a94b4669df4c03c9b9e99970N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\IntelprocMZ\adobloc.exe
      C:\IntelprocMZ\adobloc.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3268

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocMZ\adobloc.exe
    • Filesize: 2.7MB
    • MD5: f14b3d6adad62d1bec3ae2856e5668ec
    • SHA1: 21b9e5e26f337af511ae0e07cf3fca4bba07b9ec
    • SHA256: 1e6a12ec50d19d5f81d63de16a0a8658e77f4c9b57f06935f203aaa2aec9e096
    • SHA512: 1f4edd656a2e87ab6e790007168d94d2d727c311fe9629c0dfbdecb23d612ab2a07df4d6c78ac74c223e6af8e752b414d621f4d61aa8fe59d771b2c5b5609d59

  • C:\KaVBU6\dobxsys.exe
    • Filesize: 2.7MB
    • MD5: 2a859d7da6da8ca2583b07d75eab9ed8
    • SHA1: 0d960baaef0c818b9b1abfb6fbe5786b9022d7e8
    • SHA256: 9ee20d2f844c3c95d3b26e62b560667c66f77cb061ed36ecfa231cfa942bebce
    • SHA512: 8157a039765f65fbe09aae17c1c4f149cbc2576860a58ef263789474d185868b90458bd531e9256472d013926141ebb9dde75385bbf5339dea8bffd46663af94

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    • Filesize: 198B
    • MD5: 372566968abc1d20875a947e01233277
    • SHA1: 39ea4e6b973d9d0279010afe2914dec64c3772cf
    • SHA256: 2e803281e05748b49fa02122c4657faa479847d0176c330cd5dff89ffdef5cc0
    • SHA512: 853608a1ffc4daa8f4b2b89f8f6137d018384b6c9b7137f6f8869ad8381e9df6263cfcda81dcd1bfb265360a32e3ac3ef05accfd7a68ad5b4aef271a16da681d